Vulnerability CVE-2014-5418


Published: 2015-01-16   Modified: 2015-01-17

Description:
GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause a denial of service (resource consumption or reboot) via crafted packets.

Type:

CWE-399

(Resource Management Errors)

Vendor: GE
Product: Multilink ml3100 firmware 
Version: 5.2.0;
Product: Multilink ml810 firmware 
Version: 5.2.0;
Product: Multilink ml3000 firmware 
Version: 5.2.0;
Product: Multilink ml800 firmware 
Version: 4.2.1;
Product: Multilink ml1200 firmware 
Version: 4.2.1;
Product: Multilink ml2400 firmware 
Version: 4.2.1;
Product: Multilink ml1600 firmware 
Version: 4.2.1;
Product: Multilink ml3100 
Product: Multilink ml3000 
Product: Multilink ml800 
Product: Multilink ml1200 
Product: Multilink ml2400 
Product: Multilink ml810 
Product: Multilink ml1600 

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
https://ics-cert.us-cert.gov/advisories/ICSA-15-013-04
http://www.gedigitalenergy.com/products/support/multilink/MLSB1214.pdf

Related CVE
CVE-2019-10966
In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow an attacker to remotely modify device configuratio...
CVE-2019-6566
GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to replace the uninstaller with a malicious version, which could allow an attacker to gain administrator privileges to the system.
CVE-2019-6564
GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade.
CVE-2019-6548
GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end u...
CVE-2019-6546
GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements.
CVE-2019-6544
GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scripts with system administrator p...
CVE-2018-15362
XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0
CVE-2018-17925
Multiple instances of this vulnerability (Unsafe ActiveX Control Marked Safe For Scripting) have been identified in the third-party ActiveX object provided to GE iFIX versions 2.0 - 5.8 by Gigasoft. Only the independent use of the Gigasoft charting p...

Copyright 2019, cxsecurity.com

 

Back to Top